#6585 - 06/15/01 06:26 PM Go read this now!!
Mike Administrator
Administrator


Registered: 07/11/98
Posts: 2663
This is the most entertaining article on Internet security that I've ever read.
http://grc.com/dos/grcdos.htm

Maybe you have to be a tried and true geek to enjoy it, but it really shows how vulnerable we all are.

In a nutshell, the guy being attacked is Steve Gibson of Gibson Research, creator of Shields Up! He is, as this article proves, a truly skilled computer scientist, programmer, and writer. The incidents described just happened last month, in May 2001.

What was the end result? I don't want to spoil it, but it will surprise you. Read this only after you've read the whole article.
http://grc.com/dos/openletter.htm

Questions? Comments?

Mike DeTuri

#6586 - 06/16/01 08:47 AM Re: Go read this now!!
Anonymous Unregistered



Mike,
I was fascinated by this. Actually my head is still reeling from all the information. I read most of it last night and today. I think this opens our eyes about the potential destruction that can, and will, as Steve points out, come about with "full raw sockets in a mass-market consumer operating system." Now, I admit to being basically familiar with computer talk, but also admit I am still digesting the experience Steve had. I know more today than I did yesterday and want to learn more tomorrow.

Please correct me if I am wrong, we are not going to stop Internet vandals but, if we don’t have Windows 2000 and Windows XP, then we do not have to worry, just yet, as much as someone who does have W2 and WXP?

I don’t like being forced to do things like upgrade to the latest and greatest if what I am using now is working fine so now, I have a reason to not want Windows 2000 or XP just yet?

Not that I am letting my guard down, but is the type of attack Steve endured more concentrated on cable-modem users? I understand what he said about it being impossible to create a secure consumer personal computer, I just want to make myself less likely to be a victim.

I don’t understand firewalls, how do you know if you need one? I will research that more later.

Am I naive to think the ISP should be more responsible when they know about a potential problem?

I am digesting all of this little by little so I will probably have more questions/comments later.

Thank you for posting this.

Linda

p.s. I think if I found out who this kid was I would wait until he gets a job, bank account, credit card, and totally screw up everything so he has no access to his money and let him feel the frustration and anger. Then tell him payback's a B****!

[ 06-16-2001: Message edited by: Valentine58 ]

#6587 - 06/16/01 10:09 PM Re: Go read this now!!
Mike Administrator
Administrator


Registered: 07/11/98
Posts: 2663
There were actually two parties being attacked in the article. The first party was Steve's web server. The second party was the individuals whose computers the hacker had commandeered.

"Please correct me if I am wrong, we are not going to stop Internet vandals but, if we don’t have Windows 2000 and Windows XP, then we do not have to worry, just yet, as much as someone who does have W2 and WXP?"

His worry about Win2000 and WinXP was that they make it easier to change/spoof IP addresses. The IP address of a computer is its basic identity on the Internet. Since Wicked had taken over Windows 98 and 95 machines, the IP addresses that were sending the flood of packets to Steve's server were relatively stable. This allowed him to filter the traffic by IP address and the router would know not to allow packets from those IPs. If Wicked had taken over Windows 2000 and XP machines, his attack would have been much more serious because his bot software could have changed/masked/spoofed the IP address of the attacking machine. This would make it practically impossible to filter out the attacking computers. You could still create filters, but there would be no point since the IP addresses would be constantly changing.

So to answer your question, I don't think you would be more vulnerable if you had Win2000 or WinXP, but web servers would be much more vulnerable if everyone had those operating systems.

"Not that I am letting my guard down, but is the type of attack Steve endured more concentrated on cable-modem users?"

Cable and DSL users are the "sweet spot" as far as hackers are concerned. In some cases they have as much bandwidth as a company with a T1 line. Because of the higher bandwidth (connection speed) cable and DSL users are able to send many more false packets per second and make the attack much more effective. Since cable and DSL subscribers are mainly home users with limited computer knowledge they have little or no security. This makes taking over their machines much easier.

"I don’t understand firewalls, how do you know if you need one?"

If you are on the Internet you should have a firewall. If you have a cable or DSL modem you need a firewall. A firewall directs and monitors network traffic. This was demonstrated quite nicely at the end of the article when he tested ZoneAlarm and BlackIce Defender. If your computer tries to make contact to the Internet without your knowledge the firewall can step in, pause the connection, and ask you if you really want such-and-such program to send traffic to the Internet. It will also block incoming traffic.

"Am I naive to think the ISP should be more responsible when they know about a potential problem?"

That surprised me too. You'd think they'd at least make a copy of their logs and save them. How hard is it to do that?

"Thank you for posting this."

Well, it was the 15th of the month and that's when my CryptoGram newsletter arrives in my mailbox. I found out about it from there and just couldn't resist posting the link here.

There were a couple of things that really impressed me about Steve. I was very impressed by his humility and his computer skills. I loved reading about how he reverse engineered one of Wicked's Zombie bots and then wrote his own IRC bot to spy on the hackers. There are a lot of people making very good money as programmers who can't do this, period, much less do it in the few days that it seemed to take him. It must be nice to have that kind of skill.

Mike DeTuri
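
The point in the post above about filtering by IP address, worked through as an added example (not part of the original thread or of Steve Gibson's article): a blocklist learned from one window of flood traffic is applied to the next window, once with senders using their real addresses and once with a forged source on every packet. The 50 sender addresses, packet counts and function names are constructed for the illustration, and no network traffic is generated.

```python
import ipaddress
import random

def flood(senders, count, rng, spoof):
    """Constructed traffic as (claimed_source, real_sender) pairs.
    spoof=False: each packet carries the sender's real address.
    spoof=True:  each packet carries a random forged IPv4 source."""
    packets = []
    for _ in range(count):
        real = rng.choice(senders)
        if spoof:
            claimed = str(ipaddress.IPv4Address(rng.getrandbits(32)))
        else:
            claimed = real
        packets.append((claimed, real))
    return packets

def learn_blocklist(packets):
    """The filter only ever sees the claimed source address."""
    return {claimed for claimed, _ in packets}

def blocked_fraction(blocklist, packets):
    hits = sum(1 for claimed, _ in packets if claimed in blocklist)
    return hits / len(packets)

def compare(seed=1):
    """Block rate in a second window using a list built from the first."""
    rng = random.Random(seed)
    # 50 constructed sender addresses from a documentation range.
    senders = [f"203.0.113.{i}" for i in range(1, 51)]
    results = {}
    for label, spoof in (("stable", False), ("spoofed", True)):
        window1 = flood(senders, 5000, rng, spoof)
        window2 = flood(senders, 5000, rng, spoof)
        results[label] = blocked_fraction(learn_blocklist(window1), window2)
    return results

if __name__ == "__main__":
    for label, rate in compare().items():
        print(f"{label:8s} sources: {rate:.1%} of the next window blocked")
```
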

#6588 - 06/16/01 12:51 PM Re: Go read this now!!
HomeschoolMTMom
Member


Registered: 08/03/99
Posts: 499
Loc: Ariton, AL
Wow, what an interesting article. It sure makes me want to keep myself educated so I can protect myself. It looks like it will be required when those new Windows programs are on the street.

Thanks for posting this, I appreciate it.

Tammy

#6589 - 06/17/01 12:03 PM Re: Go read this now!!
Elgee
Member


Registered: 08/16/99
Posts: 2760
Valentine - since you don't have a firewall, pay a visit to Steven Gibson's site:
http://grc.com/

Scroll down to "Shields Up", and let Steve "probe your ports" for vulnerability to hackers (don't worry, you can trust him!!). This will help you decide whether or not you need a firewall. However, as Mike pointed out, everyone who uses the Internet should have one, even if your access is through a dial-up service.

Then head over to Zone Labs and download ZoneAlarm, a free and, IMO, very effective firewall.

http://www.zonelabs.com/


My internet access is through a cable modem. As soon as I signed up, I went to Steve's web site and ran "Shields Up". I nearly fainted when I discovered how vulnerable my system was; made even worse by cable's "always on" characteristics. I downloaded ZoneAlarm a few minutes later.

On any given day, I must get at least a dozen or more "alerts" from ZoneAlarm that an attempt has been made to access my computer, but ZoneAlarm stops them cold. And, as Mike pointed out, ZoneAlarm also blocks Internet access by programs like my antivirus's automatic update feature until I give the okay. An amazing product, to say the least, and it's FREE!!

Okay, I'm done with my ZoneAlarm plug!!

Mike - I read that article from top to bottom (whew!!); thank you for posting it. Aside from Steve's amazing adventure with these hackers, the thing that struck me was his uphill battle to get Microsoft and the ISPs involved to listen to him. Even he pointed out that the FBI's inability to do much wasn't surprising, but to have the companies hosting these jokers (the ISPs) take a blasé attitude is frightening. I do believe there will be a serious Internet meltdown in the near future - thanks to the inattention of the gatekeepers.

I agree with you, Mike, hats off to Steve Gibson - a true hero of the Internet! Thank God he's one of the "good guys".

....and as I write this, ZoneAlarm has just blocked access to my computer via one of my vulnerable ports. Hehehehehe

Lisa

#6590 - 06/17/01 02:18 PM Re: Go read this now!!
Tober
Member


Registered: 01/31/01
Posts: 486
Loc: Albany, New York, US
Geez, thanks for sharing that article. I have BlackIce and had been hesitant to switch to another firewall, until reading the article you provided. BlackIce does not stop all hackers. About a month ago, I sat down at my computer and came back 10 minutes later to a red alert by BlackIce that someone was hacking into my computer. It was nice that it alerted me, but it was doing NOTHING. It could not block the attack. I had to turn the computer off. When I turned the computer back on, I manually set a block on that hacker. I did contact BlackIce who really had no answer for me, and since I had blocked it MYSELF at this point, they suggested not to worry. Great, huh? Anyway, today in the article you provided, the TCP 192.168.1 was the hacker's id or address that showed up on my attack list, and that scared me. I think if I had not been back at my computer so quickly, damage would have been done. I downloaded ZoneAlarm today.

Thanks for sharing that article. I hope others here at mtdesk see your posting. It is so important.

#6591 - 06/17/01 02:29 PM Re: Go read this now!!
Mike Administrator
Administrator


Registered: 07/11/98
Posts: 2663
Tober, can you check to see if there was a fourth number in that TCP/IP chain? If so, you may be able to track the hacker right down to his computer and have his ISP shut him down.

Mike DeTuri

#6592 - 06/17/01 05:06 PM Re: Go read this now!!
SamanthaT
Member


Registered: 12/09/98
Posts: 1837
Loc: NC
Mike:

Thanks for posting this. I haven't had time to really get by Steve's website lately. I did read through his place thoroughly when I started thinking about firewall protection.

To start with, I was using McAfee's firewall program but it was a complete flop. It didn't work right and it was forever screwing up my system. I found Steve's page quite by mistake and haven't regretted taking the time to read it. I got ZoneAlarm right then and there.

My ISP has given me crap a few times claiming that ZA is the reason I have lost my connection a few times. It wasn't the reason at all. In fact, it turned out to be on their end, not mine. I run ZA on maximum all the time.

What I really like about it is that I have to give permission for the office to get into my computer for office updates or to correct something. When I found out that my computer was a sitting duck from just having a telephone connected to it and not even being on the internet, I worried.

Even if you don't consider your own personal information valuable, think about the medical files you have on your computer. Firewalls are necessary.

Sam

#6593 - 06/17/01 05:59 PM Re: Go read this now!!
Elgee
Member


Registered: 08/16/99
Posts: 2760
quote:
Even if you don't consider your own personal information valuable, think about the medical files you have on your computer. Firewalls are necessary.

Sam, Amen to that statement. I still don't consider the personal information on my computer to be of any value to anybody - and I don't keep medical files on my hard drive.

However, after reading Steve's little tale of woe, I am committed to making sure that my computer is never the unwitting "mule" for some hacker to do serious damage to someone else.

...Which brings me to a question for Mike!

What do you do with the information you get when you run an IP address through ZoneAlarm? If I don't recognize the address owner, that doesn't necessarily mean it's a hacker, right? What should tip me off that the address belongs to a hacker?

#6594 - 06/17/01 10:00 PM Re: Go read this now!!
Mike Administrator
Administrator


Registered: 07/11/98
Posts: 2663
"If I don't recognize the address owner, that doesn't necessarily mean it's a hacker, right? What should tip me off that the address belongs to a hacker?"

Right. It could be a friendly bot that runs through the Internet indexing sites for search engines. It could also be a hacker trying to scan for open ports. My thought is that if you're seeing the address that means ZA stopped it so it's really nothing to worry about. If you get repeated attempts from the same or a similar address (201.110.2.3 and 201.110.2.67 for example) then you might want to report it to your ISP.

Mike DeTuri
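
The rule of thumb in the post above (repeated attempts from the same or a similar address), sketched as an added example that is not part of the original thread: firewall alerts are grouped by source network, and only networks with repeated hits are kept. The "date time source port" log layout and every sample line are constructed (real ZoneAlarm logs are laid out differently), and "similar" is assumed to mean the same /24. Sources that are not globally routable are listed separately, since no ISP can be identified for them.

```python
import ipaddress
from collections import defaultdict

# Constructed alert lines; 201.110.2.3 and 201.110.2.67 are the two
# addresses used as an illustration in the post, the rest are made up.
SAMPLE_ALERTS = """\
2001-06-17 21:02:11 201.110.2.3 139
2001-06-17 21:09:02 201.110.2.67 139
2001-06-17 21:30:17 10.0.0.5 27374
2001-06-17 21:41:50 201.110.9.200 80
2001-06-17 22:01:55 201.110.2.3 445
this line is malformed and is skipped
"""

def parse_alerts(text):
    """Yield (source_address, dest_port) from 'date time source port' lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield ipaddress.IPv4Address(parts[2]), int(parts[3])
        except ValueError:
            continue  # not an IPv4 address or not a numeric port

def summarize(text, min_hits=2):
    """Return ({network: [(source, port), ...]}, [non-routable sources])."""
    by_net = defaultdict(list)
    unroutable = set()
    for src, port in parse_alerts(text):
        if not src.is_global:
            unroutable.add(str(src))  # private/reserved: no ISP to report to
            continue
        net = ipaddress.ip_network(f"{src}/24", strict=False)
        by_net[str(net)].append((str(src), port))
    repeated = {n: hits for n, hits in by_net.items() if len(hits) >= min_hits}
    return repeated, sorted(unroutable)

if __name__ == "__main__":
    repeated, unroutable = summarize(SAMPLE_ALERTS)
    for net, hits in repeated.items():
        print(f"{net}: {len(hits)} blocked attempts -> {hits}")
    print("not globally routable:", unroutable)
```
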

#6595 - 06/17/01 10:07 PM Re: Go read this now!!
girllimberlost
Member


Registered: 02/22/01
Posts: 2409
Loc: spanish fork, ut, usa
This may be a dumb question, but is a hardware firewall the same thing as these programs you are talking about? I have a second tower (my computer-geek brother told me it was a firewall) that my internet cable runs through. Is that as effective?
#6596 - 06/17/01 10:17 PM Re: Go read this now!!
Mike Administrator
Administrator


Registered: 07/11/98
Posts: 2663
Offhand I'd say it probably is as effective as long as he has it configured correctly. The purpose of a firewall is to monitor traffic and make sure that only what you want to come in or out does go in or out.

Have you tried going to www.grc.com then Shields Up! to make sure your firewall is working? These pages will probe some of your computer's 65,000+ ports and try to connect with a TCP/IP network connection.

Also download and run LeakTest from the same site. That will tell you if programs on your computer can send information through the firewall unbeknownst to you. Now that I think about it, LeakTest probably wouldn't be a good idea: since you have a hardware firewall, your computer guy probably left it open so you could send stuff out. Software firewalls like ZoneAlarm will usually pop up a warning dialog asking your permission every time a new program tries to access the Internet.

At any rate www.grc.com should give you a pretty good idea of what your firewall is doing or not doing. The results of the tests are in worst, good, better, and best format so it's easy to see where you are currently and where you want to be for maximum security.

Mike DeTuri

[ 06-18-2001: Message edited by: Mike ]

#6597 - 06/18/01 04:52 AM Re: Go read this now!!
Tober
Member


Registered: 01/31/01
Posts: 486
Loc: Albany, New York, US
Mike,
Regarding the rest of the IP address, I can't get the info now -- I uninstalled BlackIce right after I put Zone Alarm on. I didn't think to keep the log document, which I probably should have. But thanks for the suggestion.

Moderator:  Mike 